SSO Principles of Operation
Uniform conventions for resource access and Single Sign On (SSO) used in these domains.
An ordered tuple factor-0, factor-1, ... carries the context of the domain user. To the extent possible the system avoids exposing the detailed semantics of the elements.
Multi Factor Authentication
A role secret pair never is a stand alone pass to high privilege levels. The default additional method is QR code scanned by a mobile device.
To the extent possible, the system operates automatically with minimized user interaction.